<%@ page language="java"%>
<%@ page import="java.sql.*"%>
<%@ page import="java.util.*"%>
<%@ page import="java.io.*"%>
<%@ page import="org.apache.tomcat.util.http.fileupload.*"%>
<html>
<head><title></title>
</head>
<body>
<center>
<%
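	class XSSchecker
	{
		/**
		 * Removes the most common script-bearing HTML fragments from a string.
		 *
		 * NOTE(review): this is a regex blacklist, not an HTML sanitizer. It
		 * misses encoded, split or malformed markup and must not be the only
		 * defence where the value is rendered. The page uses the result as a
		 * file name, and nothing here strips path separators or "..", so the
		 * caller still has to validate the name before touching the filesystem.
		 *
		 * @param string untrusted input; null is returned as null
		 * @return the input with every matched fragment removed
		 */
		public String sanitize(String string) 
		{
			if(string == null)
			{
				return null;
			}
			// String is immutable: replaceAll() returns a new value and leaves
			// the receiver untouched. The original discarded each result and
			// returned the input unchanged, so the "sanitizer" was a no-op.
			String cleaned = string.replaceAll("(?i)<script.*?>.*?</script.*?>", "");
			cleaned = cleaned.replaceAll("(?i)<.*?javascript:.*?>.*?</.*?>", "");
			cleaned = cleaned.replaceAll("(?i)<.*?\\s+on.*?>.*?</.*?>", "");
			return cleaned;
		}
	};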

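       try
       {
		XSSchecker checker = new XSSchecker();

		// Compare with equals(): "==" on Strings only holds while both sides
		// happen to be the same interned literal, which nothing guarantees.
		if(!"true".equals(session.getAttribute("logged_in")))
		{
			out.println("Not Logged In");
		}
		else
		{
			out.println("<h2>Logged In</h2>");

			// Both values were put in the session at login; they are still
			// used as a path component and a DB value below, so they are
			// checked rather than trusted blindly.
			String username = (String)session.getAttribute("username");
			String userId = (String)session.getAttribute("id");

			// NOTE(review): this directory is inside the deployed webapp, so
			// anything saved here is served by Tomcat and a *.jsp file would be
			// compiled and executed. Uploads belong outside webapps/; until then
			// the extension check below keeps the obvious case out.
			final String uploadRoot = "/var/lib/tomcat6/webapps/cptr562-2010-01/files/";

			DiskFileUpload fu = new DiskFileUpload();

			// maximum size before a FileUploadException will be thrown
			fu.setSizeMax(100*1024*1024);

			// maximum size that will be stored in memory
			fu.setSizeThreshold(256*1024);

			// the location for saving data that is larger than getSizeThreshold()
			fu.setRepositoryPath(uploadRoot);

			List fileItems = fu.parseRequest(request);
			FileItem fi = fileItems.isEmpty() ? null : (FileItem)fileItems.get(0);

			// fi.getName() is attacker-controlled: some browsers send the full
			// client-side path (with backslashes) and a crafted request can carry
			// "../" segments. The regex checker does nothing about either, so the
			// value is reduced to its last path component and then restricted to
			// a conservative character set before it reaches the filesystem.
			String fileName = "";
			if(fi != null && fi.getName() != null)
			{
				String cleaned = checker.sanitize(fi.getName());
				fileName = new File(cleaned.replace('\\', '/')).getName();
			}
			String lowerName = fileName.toLowerCase(Locale.ROOT);

			if(username == null || username.length() == 0)
			{
				out.println("Session has no user name<br>");
			}
			else if(fi == null)
			{
				out.println("No file was uploaded<br>");
			}
			else if(fileName.length() == 0 || fileName.startsWith(".") || !fileName.matches("[A-Za-z0-9 ._-]+"))
			{
				out.println("Invalid file name<br>");
			}
			else if(lowerName.endsWith(".jsp") || lowerName.endsWith(".jspx"))
			{
				// Blacklist only; an allowlist of the presentation formats this
				// page is meant to accept would be the proper rule.
				out.println("File type not allowed<br>");
			}
			else
			{
				File root = new File(uploadRoot);
				File userDir = new File(root, username);
				File f = new File(userDir, fileName);

				// Defence in depth: after canonicalisation both the user's
				// directory and the target file must still lie under the upload
				// root. Checked before mkdirs() so a bad username cannot create
				// directories elsewhere. getCanonicalPath() does not require the
				// path to exist.
				String rootPrefix = root.getCanonicalPath() + File.separator;
				boolean inside = userDir.getCanonicalPath().startsWith(rootPrefix)
					&& f.getCanonicalPath().startsWith(rootPrefix);

				if(!inside)
				{
					out.println("Invalid file name<br>");
				}
				else
				{
					if(!userDir.isDirectory() && userDir.mkdirs())
					{
						application.log("Directory: " + username + " created");
					}

					if(!userDir.isDirectory())
					{
						out.println("Directory creation failed<br><br>");
					}
					else if(f.exists())
					{
						// Never overwrite: a second upload with the same name is refused.
						out.println("A file by that name already exists in your directory<br>");
					}
					else
					{
						fi.write(f);
						out.println("File saved succesfully<br>");

						// update the database
						Class.forName("com.mysql.jdbc.Driver");

						// NOTE(review): DB credentials are embedded in the page
						// source. They should come from a container DataSource
						// (JNDI) or a config file outside the webapp.
						String url="jdbc:mysql://ecstiger.cs.andrews.edu/d562_2010_01?user=u562_2010_01&password=YPJ8f4We";
						Connection con = DriverManager.getConnection(url);
						try
						{
							// Parameterised: fileName and userId never reach the SQL text.
							PreparedStatement stmt = con.prepareStatement("INSERT INTO `d562_2010_01`.`presentation` (`id`, `allowed`, `file_name`, `user_id`) VALUES ( NULL , '0', ? , ? )");
							try
							{
								stmt.setString(1, fileName);
								stmt.setString(2, userId);
								stmt.executeUpdate();
							}
							finally
							{
								stmt.close();
							}
						}
						finally
						{
							// finally blocks guarantee the connection is released even
							// when the insert fails; the original leaked it on any
							// exception and closed the statement twice on success.
							con.close();
						}
					}
				}
			}
		}
       }
       catch(Exception e)
       {
           // Log the full failure server-side. Printing the exception to the
           // browser disclosed filesystem paths, SQL text and driver details.
           application.log("file upload failed", e);
           out.println("Upload failed<br>");
       }	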
%>
<br><a href="menu.jsp">Main Menu</a>
</center>
</body>
</html>
